/*
 Action Information:
 DATE          NAME        VERSION     DESCRIPTION
--------       -----       -------     -----------
 12/20/2013    LMS       	1.0.0       1.Updates Password Validation Action Request.
*/
package com.mbbmap.security.action;

import java.util.ArrayList;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

import com.mbbmap.app.dao.SysLogDao;
import com.mbbmap.app.home.ParamHome;
import com.mbbmap.app.home.PwdValidationParamHome;
import com.mbbmap.app.home.SecGroupHome;
import com.mbbmap.app.home.SecParameterHome;
import com.mbbmap.app.home.SysLogHome;
import com.mbbmap.security.manager.UserManager;
import com.mbbmap.util.Constants;
import com.mbbmap.util.SecAccessHelper;


public final class UpdateSecParameterAction extends CommonDispatchAction {

	final String moduleCode = "SEC007";
	
	/**
	 * @author Luiz Santos
	 * @date 12-20-2013
	 * @desc Updates Regex Validation
	*/
	  public ActionForward updParameter(ActionMapping mapping,
	    ActionForm form, HttpServletRequest request,
	    HttpServletResponse response) throws Exception {

	    final String PROG_ID="UpdateSecParameter.updPwdRegex";
	    HttpSession session = request.getSession(false);
	    
	    if(session==null){
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
	    if(!isTokenValid(request)){
	    	System.out.println("Token validation failed!");
			session.invalidate();
	    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
	    }else{
	    	resetToken(request);
	    	System.out.println("Token validation passed!");
	    }
	    
		String strParamValue = request.getParameter("param_value");
		String strParamName = sanitize(request.getParameter("param_name"));
		if (strParamValue!=null){
			if (!strParamName.equalsIgnoreCase("userPwdRegex")){
				strParamValue=sanitize(strParamValue);
			}else{
				strParamValue=strParamValue.substring(0,59);
			}
		}
		System.out.println("UpdateSecParameterAction.java [updPwdRegex]: strParamValue = " + strParamValue);
		System.out.println("UpdateSecParameterAction.java [updPwdRegex]: strParamName = " + strParamName);
		
		ArrayList arlSecGroupList = new ArrayList();
		ArrayList arlSecModuleList = new ArrayList();
		String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);
		System.out.println("UpdateSecGroupAction.java: [updPwdRegex] strEMerchant : " + strEMerchant);
		String strMerchant = "";
		
		
		// Validate variables
		if ((strParamName == null) || (strParamName.equals(""))){
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		
		if ((strParamName == null) || (strParamName.equals(""))){
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		
		
		if ((strEMerchant != null) && (!strEMerchant.equals(""))){
			//strMerchant= EncryptionHelper.decrypt(strEMerchant,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
		    strMerchant= strEMerchant;
		}else{
			strMerchant = "";
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}

		boolean accessAllow = SecAccessHelper.isAccessAllow(moduleCode, request);
		accessAllow = true;
		System.out.println("Security access changed to "+accessAllow);
		if (!accessAllow) {
	        return mapping.findForward(Constants.KEY_ACTION_MAPPING_ERR);
	    }

		
		String strEncryptedUID = (String) session.getAttribute(Constants.LOGINID);
		String roleCode =(String) session.getAttribute(Constants.LOGON_USER_ROLE);
		System.out.println("UpdateSecParameterAction.java: updPwdRegex strEMerchant : " + strEMerchant);
		System.out.println("UpdateSecParameterAction.java: updPwdRegex strEMerchant login id is : " + strEncryptedUID);
		System.out.println("UpdateSecParameterAction.java: updPwdRegex strEMerchant rolecode is : " + roleCode);
		String strLoginID = "";
	
		if ((strEncryptedUID != null) && (!strEncryptedUID.equals(""))){
			//strLoginID= EncryptionHelper.decrypt(strEncryptedUID,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
		    strLoginID= strEncryptedUID;
		}else{
			strLoginID = "";
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		
		if (roleCode == null || roleCode.trim().equals("")) {
		    return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		
		// Activity log
		SysLogDao sysLogDao = new SysLogDao();
		sysLogDao.setActivityCode(Constants.ACT_CODE_SECURITY);
		sysLogDao.setAcctID(strMerchant);
		sysLogDao.setActivityName(PROG_ID);
		sysLogDao.setUserID(strLoginID);
		sysLogDao.setRole(roleCode);
		sysLogDao.setUserField1("[1] Update Paramater = " + strParamName);
		sysLogDao.setUserField1("[2] Update Value = " + strParamValue);
		sysLogDao.setStatus(Constants.ACT_STATUS_SUCCESS);
		
		System.out.println("UpdateSecParameterAction.java: init strMerchant : " + strMerchant);
		
		//Call Update Function Here at SecParamaterHome
		String strUpdate = SecParameterHome.getInstance().updParameter(strParamName, strParamValue, strLoginID, strMerchant);
		
		//String strUpdate = SecGroupHome.getInstance().addSecGroup(strGroupCode,strGroupName,strLoginID,strMerchant);
		
		if (!strUpdate.equals(Constants.DB_YES)) {
		    sysLogDao.setStatus(Constants.ACT_STATUS_FAIL_GENERAL);
		}
		SysLogHome.getInstance().insertSysLog(sysLogDao);
		
		arlSecGroupList = SecGroupHome.getInstance().findSecGroupList(strMerchant);
		session.setAttribute(Constants.SECURITY_GROUP, arlSecGroupList);
		arlSecModuleList = SecGroupHome.getInstance().findSecModuleList(strMerchant);
		session.setAttribute(Constants.SECURITY_MODULE, arlSecModuleList);
		String strAllowIdPw			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_ALLOW_SAME_USER_ID_PW);
		String totalHistPwdStored 	= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PARAM_TOTAL_PASSWORD_HIST);
		String strPwExpiry		 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_PW_EXPIRY_DAY);
		String strBadPwAttempt		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_BAD_PW_ATTEMPTS);
		String strChgPwFirLogon		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_CHG_PW_FIR_LOGON);
		String strUserPwRegex	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PARAM_PASSWORD_REG_EXPR);
		String strUIdMinLen			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UID_MIN_LEN);
		String strUIdMaxLen 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UID_MAX_LEN);
		String strUIdPwMinLen	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UserPwdMinLen);
		String strUIdPwMaxLen		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UserPwdMaxLen);
		String strLogOutTime		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_LOGOUT_TIME);
		String strUserDorDays	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_USER_DOR_DAYS);
		String strPwReset			= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PASSWORD_RESET_FLAG);
		String strMaxWebCon 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_MAX_WEB_CON);
		String strUserInac 			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_USER_INACTIVE);
		String strDayLimit	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DAY_LIMIT);
		String strDisableFr	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DISABLE_TIMESTAMP_FR);
		String strDisableTo	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DISABLE_TIMESTAMP_TO);
		
		session.setAttribute(ParamHome.SEC_ALLOW_SAME_USER_ID_PW,strAllowIdPw);
		session.setAttribute(ParamHome.TECH_PARAM_TOTAL_PASSWORD_HIST,totalHistPwdStored);
		session.setAttribute(ParamHome.SEC_PW_EXPIRY_DAY, strPwExpiry);
		session.setAttribute(ParamHome.SEC_BAD_PW_ATTEMPTS, strBadPwAttempt);
		session.setAttribute(ParamHome.SEC_CHG_PW_FIR_LOGON, strChgPwFirLogon);
		session.setAttribute(ParamHome.TECH_PARAM_PASSWORD_REG_EXPR,strUserPwRegex);
		session.setAttribute(ParamHome.SEC_UID_MIN_LEN, strUIdMinLen);
		session.setAttribute(ParamHome.SEC_UID_MAX_LEN, strUIdMaxLen);
		session.setAttribute(ParamHome.SEC_UserPwdMinLen, strUIdPwMinLen);
		session.setAttribute(ParamHome.SEC_UserPwdMaxLen, strUIdPwMaxLen);
		session.setAttribute(ParamHome.SEC_LOGOUT_TIME, strLogOutTime);
		session.setAttribute(ParamHome.SEC_USER_DOR_DAYS, strUserDorDays);
		session.setAttribute(ParamHome.TECH_PASSWORD_RESET_FLAG, strPwReset);
		session.setAttribute(ParamHome.SEC_MAX_WEB_CON, strMaxWebCon);
		session.setAttribute(ParamHome.SEC_USER_INACTIVE, strUserInac);
		session.setAttribute(ParamHome.SEC_DAY_LIMIT, strDayLimit);
		session.setAttribute(ParamHome.SEC_DISABLE_TIMESTAMP_FR, strDisableFr);
		session.setAttribute(ParamHome.SEC_DISABLE_TIMESTAMP_TO, strDisableTo);
		
				if (strUpdate == "Y"){
					request.setAttribute("msg", "Security Parameter Successfully Changed.");
					request.setAttribute("msg_id", "MSG999");
				}else{
					request.setAttribute("msg", "Failed to Reset Password. Please Try Again.");
					request.setAttribute("msg_id", "MSG002");
				}
		
		Constants.globalParamProp = ParamHome.getInstance().getParamValues(Constants.APP_MERCHANT);
		
	    return mapping.findForward(Constants.KEY_ACTION_SUCCESS);
	  }
	
	
	
	
}
